AdminSuperPassword

From Array Suite Wiki

Jump to: navigation, search

ArrayServer.cfg configuration in Option Section

Default value = none

AdminSuperPassword option stores a hash value for a predefined super password. ArrayServer admin may use the super-password to log into another user's account when UserAuthorization was set to False in ArrayServer.cfg.

Supported in Oshell version v10.0.1.74 and later.

When to use ArrayServer Super Password

ArrayServer admin occasionally needs to log into another user's account for troubleshooting, account maintenance, or retrieving legacy data.

If UserAuthorization=true, each user logs in with their User ID and ArrayServer Password. ArrayServer admins may retrieve any users credentials in Server => Manage => Manage Users, and log into the user's account from ArrayStudio GUI using the credentials.

If UserAuthorization option in ArrayServer.cfg set to false, the user's system ID is used as the UserID, and no password is required; ArrayServer admins cannot log in as other users.

With "AdminSuperPassword", ArrayServer admins may set a Superpassword that overrides this behavior; i.e. it allows them to log in as other users when UserAuthorization=false.

Warning.png WARNING: As this is a password that can allow access to any ArrayServer account if user authorization is false, the password should not be shared with others.


Creating Superpasswords

ArrayServer admins can use oshell to generate a hash value for a given password. The hash value of the password will then be saved in AdminSuperPassword parameter in ArrayServer (the Superpassword is not saved as plain text).

1. Generate hash value for a given super password key (e.g. MySuperPassword1) in Oshell:

In Windows:

oshell --generate-admin-superpassword MySuperPassword1

In Linux:

/opt/mono/bin/mono oshell.exe --generate-admin-superpassword MySuperPassword1

The commend will return a hash value (e.g. xxx111xxx) for the given password in terminal. Record the hash value.

CommandLine.png

2. Set AdminSuperPassword in ArrayServer.cfg, and save ArrayServer.cfg

AdminSuperPassword=kJTTzf9ZC/abgMFgFuqI05fPlqck8y0gMhRK4mWQ8M=

Please note that UserAuthorization needs to be False for the super password to work.

3. Restart ArrayServer

Once this is set, administrators (or anybody who knows the super-password) can log into ArrayServer using another user's ID and the super password (MySuperPassword1) in ArrayStudio.

Logging in with Superpassword

If User Authorization=False", users can connect to ArrayServer without entering credentials

UserAuthFalseLogin.png

And will be logged in with their system user ID

UserAuthFalseResult.png

If an administrator needs to log in as another user, they should click Server requires user authorization, enter the appropriate User ID, and the Admin Superpassword

SuperPasswordLogin.png

The administrator will be logged in as the other user:

SuperPasswordResult.png